Most modern business-class PCs that were designed for Windows 10 support BitLocker Drive Encryption. With BitLocker encryption turned on for the system drive, an attacker who steals your device but doesn't have your sign-in credentials is completely locked out of your data.
The requirements for BitLocker Drive Encryption are fairly simple. Your hardware must include a Trusted Platform Module (TPM) chip, version 1.2 or later, and you must be running a business edition of Windows 10: Pro, Enterprise, or Education. (It's possible to enable BitLocker without a TPM, using a USB flash drive to store the encryption key, but I don't recommend it.)
To see whether your PC has a TPM chip (and, if so, which version), follow these steps:
Right-click Start and then click Device Manager on the Quick Link menu.
In Device Manager, look for the heading Security Devices. If it doesn't exist, your system isn't equipped with a TPM.
If the Security Devices heading exists, expand it to show Trusted Platform Module hardware, including version number, like the one shown here.
If that seems like too much work, just run the BitLocker Encryption Wizard, which includes its own compatibility checker.
Open File Explorer, click This PC, right-click the icon for your system drive (usually drive C), and then click Turn on BitLocker. If your system doesn't meet the specifications, you'll get an error message. If everything's clear, you can follow the wizard's prompts to save your recovery key and begin the encryption process.